From 138092b61a130e0743b1e9c6b8d40d0d84fa398d Mon Sep 17 00:00:00 2001
From: Ryan Lane
Date: Tue, 30 Apr 2013 12:37:52 -0700
Subject: [PATCH] Add hook AbortChangePassword to Special:ChangePassword

Adds a consistent method for authentication extensions to block password changing operations.

Bug: 46590
Change-Id: I3469e90a958c4fb0f24cafd67de5590d3cc2f075
---
 docs/hooks.txt | 6 ++++++
 includes/specials/SpecialChangePassword.php | 6 ++++++
 languages/messages/MessagesEn.php | 1 +
 languages/messages/MessagesQqq.php | 1 +
 maintenance/language/messages.inc | 1 +
 5 files changed, 15 insertions(+)

diff --git a/docs/hooks.txt b/docs/hooks.txt
index de51024ce5..0b835c2696 100644
--- a/docs/hooks.txt
+++ b/docs/hooks.txt
@@ -270,6 +270,12 @@ $reason: the reason for the move (added in 1.13)
 $user: the User object about to be created (read-only, incomplete)
 &$msg: out parameter: HTML to display on abort
 
+'AbortChangePassword': Return false to cancel password change.
+$user: the User object to which the password change is occuring
+$mOldpass: the old password provided by the user
+$newpass: the new password provided by the user
+&$abortMsg: the message identifier for abort reason
+
 'ActionBeforeFormDisplay': Before executing the HTMLForm object.
 $name: name of the action
 &$form: HTMLForm object
diff --git a/includes/specials/SpecialChangePassword.php b/includes/specials/SpecialChangePassword.php
index 3f6552087c..b53a46a0f5 100644
--- a/includes/specials/SpecialChangePassword.php
+++ b/includes/specials/SpecialChangePassword.php
@@ -251,6 +251,12 @@ class SpecialChangePassword extends UnlistedSpecialPage {
 throw new PasswordError( $this->msg( 'login-throttled' )->text() );
 }
 
+ $abortMsg = 'resetpass-abort-generic';
+ if ( !wfRunHooks( 'AbortChangePassword', array( $user, $this->mOldpass, $newpass, &$abortMsg ) ) ) {
+ wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'abortreset' ) );
+ throw new PasswordError( $this->msg( $abortMsg )->text() );
+ }
+
 if ( !$user->checkTemporaryPassword( $this->mOldpass ) && !$user->checkPassword( $this->mOldpass ) ) {
 wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'wrongpassword' ) );
 throw new PasswordError( $this->msg( 'resetpass-wrong-oldpass' )->text() );
diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php
index 3a5d11233e..61f3f24d5b 100644
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -1247,6 +1247,7 @@ To finish logging in, you must set a new password here:',
 'oldpassword' => 'Old password:',
 'newpassword' => 'New password:',
 'retypenew' => 'Retype new password:',
+'resetpass-abort-generic' => 'Password change has been aborted by an extension.',
 'resetpass_submit' => 'Set password and log in',
 'resetpass_success' => 'Your password has been changed successfully!
 Now logging you in...',
diff --git a/languages/messages/MessagesQqq.php b/languages/messages/MessagesQqq.php
index 1cf6e1ee98..b13d759f32 100644
--- a/languages/messages/MessagesQqq.php
+++ b/languages/messages/MessagesQqq.php
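Review bot: The `AbortChangePassword` hook runs before the `checkTemporaryPassword()` / `checkPassword()` test that follows it, so handlers receive an unverified `$this->mOldpass` together with the plaintext `$newpass`, and a handler-chosen `$abortMsg` is shown to a requester who has not yet proven knowledge of the current password. Unless extensions need to veto before verification, move the added block below the `resetpass-wrong-oldpass` check, so that an abort reason (which may reflect account state held by an external auth backend) is only disclosed once the old password has been accepted. If the current order is intentional, record it next to the call, e.g. `// Runs before the old password is verified; handlers must not treat $this->mOldpass as valid or log either password`. The enclosing method starts and ends outside this hunk, so whether an earlier check already restricts who reaches this point cannot be confirmed from these lines.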
@@ -1303,6 +1303,7 @@ See also:
 'oldpassword' => "Used on the 'User profile' tab of 'my preferences'. This is the text next to an entry box for the old password in the 'change password' section.",
 'newpassword' => '{{Identical|New password}}',
 'retypenew' => "Appears on the 'User profile' tab of the 'Preferences' special page in the 'Change password' section. It appears next to the text box for entering the new password a second time.",
+'resetpass-abort-generic' => 'Generic error message shown on [[Special:ChangePassword]] when an extension aborts a password change from a hook.',
 'resetpass_submit' => 'Submit button on [[Special:ChangePassword]]',
 'resetpass_success' => 'Used in [[Special:ChangePassword]].',
 'resetpass_forbidden' => "Used as error message in changing password. Maybe the external auth plugin won't allow local password changes.",
diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc
index 60f2e7ad48..fc0080c383 100644
--- a/maintenance/language/messages.inc
+++ b/maintenance/language/messages.inc
@@ -567,6 +567,7 @@ $wgMessageStructure = array(
 'resetpass-submit-cancel',
 'resetpass-wrong-oldpass',
 'resetpass-temp-password',
+ 'resetpass-abort-generic',
 ),
 'passwordreset' => array(
 'passwordreset',
-- 
2.20.1